Managing AWS-hosted VMs using EC2 Systems Manager

I’ve been doing a lot of work recently with Linux VMs that are hosted on Amazon Web Services’ EC2 service. As part of this work, I’ve been working on two problems in parallel:

1. Enabling automation of certain management commands for the VMs

2. Securing SSH

Part of the issue was that I thought I needed to have SSH available to enable remote administration. If that was true, I also needed to secure SSH access so that I could use it and malicious third parties couldn’t. However, whatever method I chose also needed to be easily accessible to my team so that they could access the AWS-hosted VMs in case of an emergency where I wasn’t available.

Once the role is associated with the appropriate instances, the next thing to do is install the Systems Manager agent on the EC2 instance. Once all the needed role and agent setup work is done, your VMs in a particular AWS region should register themselves with the EC2 Systems Manager for that region and you should be ready to go.

To access EC2 Systems Manager, please use the procedure shown below:

1. Log into the AWS web console

2. Select EC2

3. Select Managed Instances

A list of all managed instances for that AWS region will be displayed.

6. If the command succeeded, you will see a Success message. To view the command’s run, click the link on the status message.

7. You’ll be taken to a command list that’s been filtered to just show that command. To see the result of the command, click the Output tab.

8. Under the Output tab, click the View Output link.

The output of the command is shown in a new window.

Note: The output available here is limited to 2500 characters.

9. Once finished viewing the command output, click the Close button.

In addition to commands, you can also run shell scripts in the Commands entry.

To build a library of commands to run, you can use EC2 Systems Manager Documents. These are JSON files that can be used to run commands, including Unix shell scripts. As an example, please see below for two Systems Manager Documents that I created for managing Jamf Pro’s Tomcat:
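
The general shape of such a document, as an added example that is not one of the author's two documents: a Python sketch that builds a Command document running a shell script and checks that every parameter substituted into the script is constrained. The `serviceName` parameter, its default `example-tomcat`, the step name and the `lint` helper are assumptions made for illustration.

```python
import json
import re

# Added example, not the author's documents. The parameter, its default and
# the step name are assumptions; use the unit name that exists on your hosts.
DOCUMENT = {
    "schemaVersion": "2.2",
    "description": "Restart a systemd service and report its state (constructed example)",
    "parameters": {
        "serviceName": {
            "type": "String",
            "description": "systemd unit to restart",
            "default": "example-tomcat",  # placeholder, not a real Jamf Pro unit name
            "allowedPattern": "^[A-Za-z0-9_.@-]+$",  # unit-name characters only
        }
    },
    "mainSteps": [{
        "action": "aws:runShellScript",
        "name": "restartService",
        "inputs": {"runCommand": [
            "#!/bin/bash",
            "set -euo pipefail",
            "systemctl restart '{{ serviceName }}'",
            "systemctl is-active '{{ serviceName }}'",
        ]},
    }],
}

# Systems Manager substitutes {{ name }} into the script text before it runs.
PLACEHOLDER = re.compile(r"\{\{\s*(\w+)\s*\}\}")

def lint(doc):
    """Return one finding per step for each unconstrained or undefined parameter."""
    findings = []
    params = doc.get("parameters", {})
    for step in doc.get("mainSteps", []):
        if step.get("action") != "aws:runShellScript":
            continue
        script = "\n".join(step["inputs"].get("runCommand", []))
        for name in sorted(set(PLACEHOLDER.findall(script))):
            spec = params.get(name)
            if spec is None:
                findings.append(f"{step['name']}: undefined parameter {name}")
            elif not (spec.keys() & {"allowedPattern", "allowedValues"}):
                findings.append(f"{step['name']}: {name} is substituted without allowedPattern/allowedValues")
    return findings

if __name__ == "__main__":
    problems = lint(DOCUMENT)
    print("\n".join(problems) if problems else json.dumps(DOCUMENT, indent=2))
```

Run directly, the file prints the document as JSON when the check finds nothing, or the list of findings otherwise.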